AuthorizationHelper.cs

Go to the documentation of this file.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
 
using HotChocolate;
 
using Microsoft.AspNetCore.Authorization;
 
using Tgstation.Server.Host.Security;
 
namespace Tgstation.Server.Host.GraphQL
{
    static class AuthorizationHelper
    {
        public static GraphQLException ForbiddenGraphQLException(this AuthorizationFailure authorizationFailure)
        {
            ArgumentNullException.ThrowIfNull(authorizationFailure);
 
            var messageBuilder = new StringBuilder("The current user is not authorized to access this resource.");
 
            foreach (var failureReason in authorizationFailure.FailureReasons)
            {
                messageBuilder.AppendLine();
                messageBuilder.Append("\t- ");
                messageBuilder.Append(failureReason.Message);
            }
 
            return new(ErrorBuilder.New()
                .SetMessage(messageBuilder.ToString()) // Copied from graphql-platform: AuthorizeMiddleware.cs
                .SetCode(ErrorCodes.Authentication.NotAuthorized)
                .Build());
        }
 
        public static async ValueTask CheckGraphQLAuthorized(
            this Security.IAuthorizationService authorizationService,
            IEnumerable<IAuthorizationRequirement>? authorizationRequirements,
            bool excludeUserSessionValidRequirement = false)
        {
            ArgumentNullException.ThrowIfNull(authorizationService);
            ArgumentNullException.ThrowIfNull(authorizationRequirements);
 
            if (!excludeUserSessionValidRequirement)
                authorizationRequirements = UserSessionValidRequirement.InstanceAsEnumerable.Concat(authorizationRequirements);
 
            var result = await authorizationService.AuthorizeAsync(authorizationRequirements);
            if (!result.Succeeded)
                throw result.Failure.ForbiddenGraphQLException();
        }
    }
}